SSLCipherSuite
The available ciphers to use to negotiate SSL connections. You can use this parameter to set an explicit list of ciphers to allow, or to disallow specific ciphers.
The parameter uses the OpenSSL cipher string format. For details of this format, see the documentation for OpenSSL (TLS 1.2 and earlier and TLS 1.3) or apache mod_ssl.
There is no default value for this parameter, which means that OpenText Connector uses the default cipher list.
If you set SSLCipherSuite
, but do not specify any valid ciphers for your SSLMethod, OpenText Connector does not start. For example, OpenText Connector does not start if you set SSLMethod to TLS1.3
, but SSLCipherSuite
contains only ciphers for TLS 1.2 or earlier. However, if SSLCipherSuite
includes both types of cipher, OpenText Connector ignores the ciphers that are not relevant to the SSLMethod.
NOTE: When SSLMethod is set to Negotiate
, you can set SSLCipherSuite
to use ciphers for only TLS 1.3 or for only TLS 1.2 or earlier. In this case, when OpenText Connector negotiates a SSL/TLS version that has configured ciphers, it uses only the allowed ciphers. However, when it negotiates a SSL/TLS version that has no configured ciphers, it uses the default cipher list.
Type: | String |
Default: | None |
Required: | No |
Configuration Section: | SSLOptionN |
Example: | SSLCipherSuite=DEFAULT:!RC4
|
See Also: | SSLConfig |